\input texinfo @c -*-texinfo-*-
* SASL: (sasl). The Emacs SASL library.
@settitle Emacs SASL Library @value{VERSION}
This manual describes the Emacs SASL library.
A common interface to share several authentication mechanisms between
applications using different protocols.
* Overview:: What Emacs SASL library is.
* How to use:: Adding authentication support to your applications.
* Backend drivers:: Writing your own drivers.
@sc{sasl} is short for @dfn{Simple Authentication and Security Layer}.
This standard is documented in RFC2222. It provides a simple method for
adding authentication support to various application protocols.
The toplevel interface of this library is inspired by the Java @sc{sasl}
Application Program Interface. It defines an abstraction over a series
of authentication mechanism drivers (@ref{Backend drivers}).
Backend drivers are designed to be as close as possible to the
authentication mechanism. You can access the additional configuration
information anywhere from the implementation.
To use the Emacs SASL library, evaluate the following expression at the
beginning of your application program.
If you want to check for the existence of sasl.el at runtime, you can
instead list autoload settings for the functions you want.
There are three data types to be used for carrying a negotiated
security layer---a mechanism, a client parameter and an authentication
A mechanism (@code{sasl-mechanism} object) is a schema of the @sc{sasl}
authentication mechanism driver.
@defvar sasl-mechanisms
A list of mechanism names.
@defun sasl-find-mechanism mechanisms
Retrieve an appropriate mechanism.
This function compares MECHANISMS and @code{sasl-mechanisms}, then
returns the appropriate @code{sasl-mechanism} object.
(let ((sasl-mechanisms '("CRAM-MD5" "DIGEST-MD5")))
  (setq mechanism (sasl-find-mechanism server-supported-mechanisms)))
@defun sasl-mechanism-name mechanism
Return the name of mechanism, a string.
If you want to write an authentication mechanism driver (@ref{Backend
drivers}), use @code{sasl-make-mechanism} and modify
@code{sasl-mechanisms} and @code{sasl-mechanism-alist} correctly.
@defun sasl-make-mechanism name steps
Allocate a @code{sasl-mechanism} object.
This function takes two parameters---the name of the mechanism, and a list
of authentication functions.
(defconst sasl-anonymous-steps
  '(ignore                              ;no initial response; steps are called with CLIENT and STEP
    sasl-anonymous-response))
(put 'sasl-anonymous 'sasl-mechanism
     (sasl-make-mechanism "ANONYMOUS" sasl-anonymous-steps))
A client (@code{sasl-client} object) is initialized with four
parameters---a mechanism, a user name, name of the service and name of
@defun sasl-make-client mechanism name service server
Prepare a @code{sasl-client} object.
@defun sasl-client-mechanism client
Return the mechanism (@code{sasl-mechanism} object) of client.
@defun sasl-client-name client
Return the authorization name of client, a string.
@defun sasl-client-service client
Return the service name of client, a string.
@defun sasl-client-server client
Return the server name of client, a string.
If you want to specify additional configuration properties, use
@code{sasl-client-set-property}.
@defun sasl-client-set-property client property value
Add the given property/value to client.
@defun sasl-client-property client property
Return the value of the property of client.
@defun sasl-client-set-properties client plist
Destructively set the properties of client.
The second argument is the new property list.
@defun sasl-client-properties client
Return the whole property list of client configuration.
A step (@code{sasl-step} object) is an abstraction of an authentication
"step" which holds the response value and the next entry point for the
authentication process (the latter is not accessible).
@defun sasl-step-data step
Return the data which STEP holds, a string.
@defun sasl-step-set-data step data
Store the DATA string in STEP.
To get the initial response, call the function
@code{sasl-next-step} with @code{nil} as the second argument.
(setq name (sasl-mechanism-name mechanism))
At this point we could send the command which starts a SASL
authentication protocol exchange. For example,
 (if (sasl-step-data step) ;initial response
     (format "AUTH %s %s\r\n" name (base64-encode-string (sasl-step-data step) t))
   (format "AUTH %s\r\n" name)))
To go on with the authentication process, all you have to do is call
@code{sasl-next-step} consecutively.
@defun sasl-next-step client step
Perform the authentication step.
On the first call, STEP should be set to @code{nil}.
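The following added example (not part of sasl.el or of the original
manual) drives a client through all of its steps and collects the lines
it would send on the wire. The X-DEMO mechanism, the my-demo- functions,
the server name and the challenge string are hypothetical and constructed
for illustration.

```elisp
;;; Added example; not code from sasl.el.
(require 'sasl)

(defun my-demo-initial (client _step)
  "Initial response: the authorization name of CLIENT (_STEP is nil)."
  (sasl-client-name client))

(defun my-demo-echo (_client step)
  "Answer the decoded server challenge that STEP holds."
  (concat "echo:" (sasl-step-data step)))

;; Hypothetical two-step mechanism: initial response, then one challenge.
(defconst my-demo-mechanism
  (sasl-make-mechanism "X-DEMO" '(my-demo-initial my-demo-echo)))

(defun my-demo-run (client challenges)
  "Drive CLIENT through its steps against base64-encoded CHALLENGES.
Return the list of lines the client would send, in order."
  (let* ((name (sasl-mechanism-name (sasl-client-mechanism client)))
         (step (sasl-next-step client nil)) ;first call: STEP is nil
         (lines (list
                 (if (sasl-step-data step)   ;initial response
                     (format "AUTH %s %s\r\n" name
                             (base64-encode-string (sasl-step-data step) t))
                   (format "AUTH %s\r\n" name)))))
    (while challenges
      ;; Store the decoded challenge in the current step, then advance.
      (sasl-step-set-data step (base64-decode-string (pop challenges)))
      (setq step (sasl-next-step client step))
      ;; No step left means the server is asking for more than the
      ;; mechanism defines; stop instead of sending anything further.
      (unless step
        (error "Server sent a challenge after the last step"))
      (push (concat (base64-encode-string (or (sasl-step-data step) "") t)
                    "\r\n")
            lines))
    (nreverse lines)))

;; Constructed input: one server challenge, "nonce-123".
(my-demo-run
 (sasl-make-client my-demo-mechanism "alice" "smtp" "mail.example.org")
 (list (base64-encode-string "nonce-123")))
```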
@node Backend drivers
@chapter Backend drivers
@chapter Function Index
@chapter Variable Index